summaryrefslogtreecommitdiffstats
path: root/tracker/CSP_too_strict
diff options
context:
space:
mode:
authorGustav Eek <gustav.eek@fripost.org>2018-12-30 10:26:10 +0100
committerGustav Eek <gustav.eek@fripost.org>2018-12-30 10:26:10 +0100
commit151ef6437bc2194252f53713f6567e02963c1f7a (patch)
treea57f41c33f1403b1d50449221751302ad867bfce /tracker/CSP_too_strict
parent25395abcb95f1c75950b9f28e68ef2b10d32dba3 (diff)
parentf7e3f97b71fa71b5880f31f1ea66e35e181a9711 (diff)
Merge branch 'master' into contact-procedure-update
Diffstat (limited to 'tracker/CSP_too_strict')
-rw-r--r--tracker/CSP_too_strict/comment_1_4156da3309262dc53fff06dbbbcbb30c._comment10
-rw-r--r--tracker/CSP_too_strict/comment_2_01c8f3bc631f9ddecb109455233d6f09._comment8
-rw-r--r--tracker/CSP_too_strict/comment_3_d0893142a031072c638d1e36b17aefe3._comment12
-rw-r--r--tracker/CSP_too_strict/comment_4_b794220c7ed0f1b16daf3dd2970644d8._comment8
4 files changed, 38 insertions, 0 deletions
diff --git a/tracker/CSP_too_strict/comment_1_4156da3309262dc53fff06dbbbcbb30c._comment b/tracker/CSP_too_strict/comment_1_4156da3309262dc53fff06dbbbcbb30c._comment
new file mode 100644
index 0000000..ce90b13
--- /dev/null
+++ b/tracker/CSP_too_strict/comment_1_4156da3309262dc53fff06dbbbcbb30c._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="Grégoire"
+ avatar="https://seccdn.libravatar.org/avatar/5ed039572e7af206cbc97a7c59dcb0ad"
+ subject="Still a problem with http urls"
+ date="2016-04-08T09:50:11Z"
+ content="""
+Now some of the images work but not all. According to Firefox' console, http URLs are upgraded to https which may not work all the time.
+
+I don't know if it is possible but a better way to do this may be to use roundcube as a proxy for images and other inline content?
+"""]]
diff --git a/tracker/CSP_too_strict/comment_2_01c8f3bc631f9ddecb109455233d6f09._comment b/tracker/CSP_too_strict/comment_2_01c8f3bc631f9ddecb109455233d6f09._comment
new file mode 100644
index 0000000..c6df409
--- /dev/null
+++ b/tracker/CSP_too_strict/comment_2_01c8f3bc631f9ddecb109455233d6f09._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="guilhem"
+ avatar="https://seccdn.libravatar.org/avatar/86d6cb4bde1ef88730b14ccad0414c28"
+ subject="Further weakened the Content-Security-Policy"
+ date="2016-04-08T12:14:46Z"
+ content="""
+Alright, just [removed](https://git.fripost.org/fripost-ansible/commit/?id=e370313ad5895871479fffc922e3c72c0375dbf2) [`upgrade-insecure-requests`](https://www.w3.org/TR/upgrade-insecure-requests/#upgrade-insecure-requests) and [`block-all-mixed-content`](https://www.w3.org/TR/mixed-content/#block_all_mixed_content) from the CSP. Again, with the hope that Roundcube's built-in filter is tight enough by default…
+"""]]
diff --git a/tracker/CSP_too_strict/comment_3_d0893142a031072c638d1e36b17aefe3._comment b/tracker/CSP_too_strict/comment_3_d0893142a031072c638d1e36b17aefe3._comment
new file mode 100644
index 0000000..3c53e3c
--- /dev/null
+++ b/tracker/CSP_too_strict/comment_3_d0893142a031072c638d1e36b17aefe3._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="Grégoire"
+ avatar="https://seccdn.libravatar.org/avatar/5ed039572e7af206cbc97a7c59dcb0ad"
+ subject="comment 3"
+ date="2016-04-08T13:30:16Z"
+ content="""
+I understand your frustration...
+
+I found that someone openned an related issue agains Roundcube about this almost exactly 2 years ago: [Image proxy #5099](https://github.com/roundcube/roundcubemail/issues/5099). It doesn't seem to be considered high prirority and I can understand as it's probably not an easy thing to get right.
+
+An other interesting way to fix this would be to have at tool that inlines all the images in an email (turn the remote images into data urls) which you would run on all incomming messages (maybe using sieve?). The only problem is that it might considerably blow-up the size of your mailboxes but given the benefits, it might be worth a try.
+"""]]
diff --git a/tracker/CSP_too_strict/comment_4_b794220c7ed0f1b16daf3dd2970644d8._comment b/tracker/CSP_too_strict/comment_4_b794220c7ed0f1b16daf3dd2970644d8._comment
new file mode 100644
index 0000000..144ef97
--- /dev/null
+++ b/tracker/CSP_too_strict/comment_4_b794220c7ed0f1b16daf3dd2970644d8._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="guilhem"
+ avatar="https://seccdn.libravatar.org/avatar/86d6cb4bde1ef88730b14ccad0414c28"
+ subject="comment 4"
+ date="2016-04-08T13:39:39Z"
+ content="""
+Would be nice to have such proxy, indeed. Beside the mailbox overhead, another downside of the sieve hack is that this would invalidate all integrity checking such as DKIM or OpenPGP.
+"""]]